CE Wingate
Summary
Lead Auditor with a proven track record in delivering IT Security, Cloud Security, SOX, SOC 1/2, PCI DSSv4.0, ISO 27001:2022, and HITRUST audits efficiently and effectively under tight deadlines. Expertise in threat and vulnerability assessment, data privacy, regulatory compliance, and risk management. Strong communication and leadership skills facilitate collaboration with teams to enhance processes and ensure compliance with industry standards.
Overview
15
15
years of professional experience
2
2
Certification
Work History
Lead Security Auditor GRC
OneTrust
11.2023 - 02.2025
- Audit principal, leading and performing IT security risk management and readiness assessments.
- Ensuring PCI DSS v4.0, HITRUST r2, ISO 27001, and other global certifications were achieved.
- Directed activities and managed a team of jr auditors.
- Managing audits with external audit partners.
- Served as the technical expert and change agent, supporting enterprise risk management transformation projects, enhancing security systems, applications and processes.
- Developed and operationalized continuous monitoring of IT related security risks across the enterprise.
- Streamlined repeatable audit process by engaging AI resources, automation, increasing risk mitigation efficiencies, governance and reduction across IT operations.
- Leveraged cloud - native security tools (e.g., Wiz IO, AWS IAM, Microsoft Entra IAM Governance) to manage and mitigate cloud-related security vulnerabilities.
- Provided strategic GRC consulting and guidance to risk stakeholders on mitigating inherent IT risks, threats and operational vulnerabilities.
Security Auditor Lead
The Walt Disney Corporation
01.2021 - 08.2023
- Led, supported and executed IT security and certification audits (SOX, PCI DSS, SWIFT), identifying and mitigating critical vulnerabilities, resulting in a 45% reduction in security risks with TWDC corporate pillars.
- Developed and engineered the Corporate Compliance GRC continuous monitoring program. Created repeatable audit processes, documentation and KRI models.
- Delivered IT control development training sessions with control owners to ensure design and effectiveness as a part of the GRC platform migration project.
- Evaluated the design and effectiveness of controls intended to mitigate ITGC risks (change controls, access, encryption, and backup).
- Worked with internal and external audit teams.
- Developed related findings, and remediation reporting.
- Performed root cause analysis of failed processes, controls, and IT system resources across TWDC pillars, and provided remediation recommendations.
Enterprise Risk Management Principal
XPO Logistics
12.2017 - 11.2020
- Served as Principal Auditor responsible for evaluating IT security risks, regulatory compliance, and global data/privacy/protection requirements across XPO’s international business units.
- Conducted regular assessments and audits of privacy controls to identify gaps, vulnerabilities, and areas for improvement.
- Served as a subject matter expert on information security privacy matters, providing guidance and support to internal stakeholders and business units.
- Conducted IT compliance reviews in cloud environments (AWS, GCP), ensuring implementation of access controls and system hardening aligned with XPO Logistics IT policy and regulatory data protection/security compliance.
- Coordinated with external auditors and regulators during compliance assessments and audits, providing documentation and evidence as required.
- Lead Auditor for global ISO 27001/27002 ISMS compliance, overseeing certification and ongoing compliance.
- Led CMMC audit readiness and certification activities, aligning security practices with evolving DoD compliance standards.
- Collaborated closely with XPO General Council and global compliance teams to develop and align security and data privacy requirements meeting GDPR, CCPA and other state and federal programs.
Education
Information Technology - Computer Science
University of Alaska Anchorage
Skills
- NIST AI RMF
- NIST 800 Series
- ISO 27001:2022 Lead Auditor
- ISO 42001 AIMS Lead Auditor
- TISAX
- Risk Management
- AWS
- GCP
- Azure
- Cloud Security Posture Mgt
- SOX
- SOC2
- PCI DSSv40
- HITRUST/HIPAA
- CMMC
- Business Continuity & Recovery
- Data Privacy and Data Protection
- GDPR/ EU AI Act/ State/Fed Privacy
- IT Program Management
Certification
- ISO/IEC 27001/27002, 42001 AIMS Lead Auditor, 2024
- PCI DSS(A)QSA, 2018
- CISA ISACA, 2013
Early Career History
- Senior Associate, RSM, 03/01/15, 12/31/16
- Senior Associate, Deloitte, 01/01/11, 11/30/14
- IT Analyst, Apple Corporation, 01/01/08, 12/31/10
Timeline
Lead Security Auditor GRC
OneTrust
11.2023 - 02.2025
Security Auditor Lead
The Walt Disney Corporation
01.2021 - 08.2023
Enterprise Risk Management Principal
XPO Logistics
12.2017 - 11.2020
Information Technology - Computer Science
University of Alaska Anchorage
Similar Profiles
Nitish GauravNitish Gaurav
Quality Engineering Manager at OneTrustQuality Engineering Manager at OneTrust
Adam HackAdam Hack
Regional Vice President of Sales at OneTrustRegional Vice President of Sales at OneTrust
JAKE GILLARDJAKE GILLARD
Talent Acquisition Partner at OneTrustTalent Acquisition Partner at OneTrust
Stephanie IdikaStephanie Idika
Cyber Security Auditor / GRC Intern at Think cloudlyCyber Security Auditor / GRC Intern at Think cloudly
Smriti KushwahaSmriti Kushwaha
GRC LEAD AUDITOR at ECLAT HEALTH SOLUTIONSGRC LEAD AUDITOR at ECLAT HEALTH SOLUTIONS